Windows Server 2016: Introduce Hyper-V Nested Virtualization

One of the most important new feature on Windows Server 2016 TP4 is the Nested Virtualization. This feature allows to create an Hyper-V environment into another Hyper-V.


In this moment the first supported role that use this technology is Hyper-V Container, to isolate and separate process between Host Container and Containers.


From my point of view there’s another potential scenario: create separate Hyper-V host into one single machine. If you are a Service Provider, you could provide an entire Hyper-V host to a specific customer, without give him the real hardware. Could be Microsoft Azure the first one?


Nested Virtualization is present on Windows Server 2016 TP4 but also on Windows 10 (Yes Franky!). Before start with configuration, remember that:


  • 4 GB RAM available minimum are required for VM
  • Host and VM must run that same build – at least build 10565
  • Intel VT-x is required and there is no support for AMV-V


Another critical point is check if your host supports HostNestedVirtualization; to do this download and run this script:


Invoke-WebRequest -OutFile C:\Get-NestedStatus.ps1


Ready for rock ‘n roll? After VM’s creation, run this PowerShell cmdlet from your host:


Invoke-WebRequest -OutFile C:\Enable-NestedVm.ps1


Execute the file with the name of your VM:


C:\Enable-NestedVm.ps1 -VmName “MyNestedHost”


This script does:


  • Disables Dynamic Memory on VM
  • Sets minimum required 4 GB static memory to VM
  • Enables virtualization extensions
  • Enables MAC Address Spoofing


Now it’s time to enable Hyper-V Role on your VM with these cmdlets:


Add-WindowsFeature RSAT-Hyper-V-Tool -IncludeAllSubFeature
Enable-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V -Online


Restart your VM and test the new toy! It works!


Figure 1 – Nested Virtualization


Keep in mind that there are a couple of limitations/bugs:


  • Hosts with Device Guard enabled cannot expose virtualization extensions to guests
  • Hosts with Virtualization Based Security (VBS) enabled cannot expose virtualization extensions to guests. You must first disable VBS in order to preview nested virtualization
  • No Dynamic memory
  • No Runtime memory resize
  • No checkpoints to a running VM
  • No Live migration
  • No Save/restore


Too cool, right? Test Nested Virtualization today! Download Windows Server 2016 TP4